Astrill is a VPN that is based in the Seychelles, which means that it is well out of the way of overreaching governments. It provides a personal VPN service, VPN routers, and business VPN solutions. This review will focus on the personal VPN option.
At first glance, Astrill appears to be a high-end VPN service that offers all the perks that you would expect. It has servers located in 49 countries, which makes it ideal for spoofing and unblocking purposes. The Windows client is packed with features, allows you to toggle through many different encryption options and has DNS leak protection, IPv6 leak protection, and a kill switch. These are features that you only get with the very best VPNs and are definitely a sign of quality. Sadly, the Android client doesn’t compare to the Windows client, and we found encryption to be lacking (see below).
The client may seem a little complicated to beginners in the VPN world. However, most of the settings are well set up by default. As such, as long as users use the drop down menu at the top to select OpenVPN (it comes set to proprietary OpenWeb* encryption by default) then everything will be correct from the outset.
Pricing and Plans
While most VPNs offer the option to pay monthly, with Astrill you can purchase a three-month, six-month or yearly subscription.
If you sign up for three months it will set you back just under $10 per month. Subscribing for a year at a time works out to be considerably less, costing just $5.83 per month. This is really reasonable considering the level of service that is on offer.
The obvious downside of having to commit to a minimum of three months is that you will have to commit to the service for that amount of time. The good news is that they allow you to test the entire service for seven days for free. This means you can make sure that it does everything that you want it to.
In addition, there is a money-back guarantee for purchasers. However, do be aware that the money-back guarantee is only for customers who don’t use the free trial. If you use the seven-day free trial, you will not get a money-back guarantee. This is because they consider that you have already thoroughly tested the service prior to buying a subscription. As such, you should be careful not to purchase a year’s subscription if you think you might change your mind (and have already used the seven-day free trial).
Peer to peer is permitted using Astrill, though you will need to be on OpenVPN or StealthVPN modes to use it. Here is what Astrill’s website says:
Astrill’s servers are located all over the world, in 49 countries. In addition, users get access to both East and West coast US servers (a total of 27 servers in the US). All in all, the server location choices are truly outstanding with Astrill. Definitely one of the best things about the service.
Astrill is based in the Seychelles, which means that the firm isn’t under the jurisdiction of any overreaching governments. This is very good news for privacy and is definitely a plus about Astrill’s service.
Although no usage logs are kept, Astrill does keep the last 20 connection logs (time of connection and length of time connected). These get deleted as you create more and only the last 20 logs are ever held. That is really pretty good though, of course, there are zero log VPNs out there if that is what you are after.
Astrill offers plenty of encryption options on its Windows client. You can use OpenVPN, StealthVPN, and OpenWeb. We recommend OpenVPN, as that is the only truly secure VPN encryption option. The great news is that OpenVPN has a lot of cipher options in the Astrill Windows client. Users can choose from:
This is an incredible array of options. Being able to use non-Nist Camellia is certainly very pleasing and highly recommended.
As for handshake, hash auth and whether Perfect Forward Secrecy is used: I can’t tell you because the firm told me the information is ‘classified.’ As such, we can assume that encryption is implemented badly.
*OpenWeb: Note that in both the Windows and Android clients (the ones I tested), OpenWeb protocol was selected as default. This is an unknown and proprietary encryption protocol that we know very little about. We do not trust it for privacy and security purposes. As such, you are advised against it. Astrill told me that it worked as a proxy service in the browser, however, it does not need to be installed as an app in the browser – so whether this works for privacy is a gamble. The fact that it is closed source and proprietary certainly doesn’t bode well.
Sadly, on Android, the client doesn’t have as many options. Encryption is either StealthVPN or OpenWeb. It is AES 256-bit as default, but without handshake and hash auth – this still remains likely to be not as strong as it ought to be.
Sadly, I was unable to find out anything about Perfect Forward Secrecy on any of the clients.
The website is simple, easy to navigate, and self-explanatory. It doesn’t have a particularly flashy feel or attempt (as some VPNs do) to overly sell itself. The website does have a lot of options, but these are aimed at more experienced VPN users and businesses. As such, anybody interested in the VPN for personal use will be fine ignoring the vast majority of features on the website. The nice thing about the extra info (and options) is that if you need them they are available.
For the majority of users, however, it will suffice to simply download the client that you require for the platform you are running. The good news is that Astrill has client software for all the popular platforms: Windows, Mac, Linux, Android, and iOS.
Support is provided via a ticket system or emails and a 24/7 live chat system. Emails got a reply within a few hours, which isn’t a long time to have to wait. More importantly, their tech support was there within a few minutes every time that I used the service. Sadly, not all of their tech team were highly knowledgeable about encryption options. However, the team was able to make contact with its developers quickly to answer techy questions.
I felt that the team pulled together and walked me through the things I wanted to know quickly and in a highly efficient and friendly manner. As such, I can’t fault their customer service team.
Also good is the fact that Astrill has a knowledge-base on its website that has answers to many common problems. Users can quickly search it in order to get answers.
Subscribing to Astrill is perhaps the most annoying thing about the service. I was confronted with ‘captcha’ a few times as I used the website to subscribe and download the software. However, this slight annoyance is offset by the fact that it means Astrill is doing its utmost to keep bots from infiltrating its systems.
One drawback is the amount of details that Astrill wants from users in order to allow them to subscribe. Users must enter an email address, physical address, and a phone number to get a four-digit verification code. If you don’t enter the four-digit code you may not use Astrill (including the free trial).
Once you have confirmed the code, however, the client is easily accessed on their website and downloads quickly. It installs very quickly and after confirming your email and password you will be able to connect to its servers. Be aware that the VPN software comes set to OpenWeb by default – so please select OpenVPN in the drop down menu at the top of the client to be properly secure.
Windows VPN Client
The Windows VPN client is really awesome. Once installed, you will find it in the notification area of your start bar. From there it is very easy to control all of its features. Simply click on Settings to get at all the options. Here you can choose the level of encryption that you desire for your OpenVPN protocol. In addition, you can click on Privacy to get at the kill switch and leak protection tools.
When you are on OpenVPN you will see a little lock next to the server location. This lock will remain in place the whole time that you are protected. You will need to turn the VPN connection off in order to get the drop down menu of server locations to reappear.
DNS Leak Protection
Astrill has the option to enforce DNS leak protection, IPv6 leak protection (which are both turned on as default) and WebRTC IP leak protection.
The good news is that DNS leak protection is built into the Windows client and works. No DNS leaks were detected using ipleak.net. In addition, no WebRTC leaks were detected. This is great news and means Astrill’s Windows client is doing its job well when it comes to privacy.
Sadly, this was not true of the Android client. That suffers from not having OpenVPN as an option and was found to have DNS leaks during my tests.
Astrill does have a kill switch. To locate it, click on Settings > Privacy > Internet Kill Switch. Once selected, you will be protected against your VPN dropping out and sending unencrypted traffic to your ISP. The kill switch will completely terminate your internet connection until the VPN connection is reestablished. This is a valuable feature that only the very best VPNs have.
The Android version of Astrill is at the bottom of the platform options. It downloads quickly and is really easy to install. The client is designed for Android and as such is ready to use as soon as you download and install the app.
Sadly there is no kill switch or DNS leak protection in the Android client. In addition, I did find there to be a DNS leak when I tested the Android client.
Another slight drawback with the Android client is that it does not offer the level of encryption options available on the Windows client. Encryption is StealthVPN or OpenWeb rather than our recommended protocol, OpenVPN.
Performance (Speed, DNS, WebRTC and IPv4 Tests)
Tests were performed using TestMy.net on a UK Virgin Media VIVID 100 optical connection. Connection speeds were really good on the UK, Netherlands, and US servers. There was only a slight hit to performance on each of the servers. In fact, connection speeds were so good that this can be considered one of the best parts of the service.
The good news is that no IPv4 DNS leaks were detected in the Windows client. In addition, there were no WebRTC leaks detected in the Windows client.
Fast connection speeds
Servers in 49 countries
No DNS leaks on Windows
Lots of encryption options for OpenVPN (our recommended protocol)
Netflix US and BBC iPlayer available
Easy to use clients
Kill switch and DNS leak protection (Windows client)
Great customer support
No usage logs, but…
I wasn’t so sure about
Last 20 connection logs kept
Android client doesn’t compare to the Windows client (poor encryption and DNS leaks)
Only two simultaneous connections
Lots of info must be handed over to subscribe (including a phone number)
In conclusion, Astrill is a pretty good VPN service for Windows that is good value for money. The Windows client offers excellent cipher options, which make the service pretty secure (though handshake, hash auth, and PFS are unconfirmed and likely a let down). Sadly the Android client doesn’t compare: OpenVPN is not available and DNS leaks were detected.
For these reasons, I consider Astrill to be a much better VPN service for Windows and worthy of consideration. With that said, I would not consider the Android client to be in the same league as the Windows client. For that reason, I would consider looking elsewhere if an Android client is important to you.
In addition, we were unable to prise highly important encryption information from Astrill. As most VPN services are proud to boast about good encryption, it seems rather likely that Astrill’s encryption (despite plenty of cipher choices in its Windows client) sucks.